US 20060034452 A1 Abstract A code computing apparatus with an error detection code (CRC) generating function and an elliptic curve cryptography (ECC) function, comprising a matrix element computation part
30 for generating matrix elements from parameter values set in first and second registers 201 and 202, a matrix element register 51 for holding the matrix elements generated by the matrix element computation part, and an inner product calculation part 40 for executing inner product calculation between the matrix elements held by the matrix element register and data set in a third register. The matrix element computation part selectively generates matrix elements for error detection and matrix elements for encryption by changing the parameters to be set in the first and second registers, and the inner product calculation part is shared to error control code generation and data encryption by altering the matrix elements to be held in the matrix element register. Claims(7) 1. A code computing apparatus comprising:
first and second registers ( 201 and 202) in which parameters having a predetermined bit length are set, respectively; a third register ( 203) in which data to be encrypted is set; a matrix element computation part ( 30) for generating matrix elements from the values set in said first and second registers; a matrix element register ( 51) for holding the matrix elements generated by said matrix element computation part; and an inner product calculation part ( 40) for executing inner product calculation between the matrix elements held by said matrix element register and the data set in said third register, wherein said matrix element computation part selectively generates matrix elements for error detection and matrix elements for encryption by changing the parameters to be set in said first and second registers, and said inner product calculation part selectively performs error control code generation and data encryption by altering the matrix elements to be held in said matrix element register. 2. A code computing apparatus comprising:
first and second registers ( 201 and 202) for storing, at least one of them, coefficient data of a polynomial of degree n; a third register ( 203) in which data to be encrypted is set; a matrix element computation part ( 30) for generating matrix elements of n×n from the value set in said first and second registers; a matrix element register ( 51) for holding the matrix elements generated by said matrix element computation part; and an inner product calculation part ( 40) for executing inner product calculation between the matrix elements held by said matrix element register and the data set in said third register; wherein said inner product calculation part produces encrypted data of transmitting data or receiving data supplied to said third register. 3. The code computing apparatus according to said matrix element computation part generates matrix elements for error detection, and said inner product calculation part generates an error detection code corresponding to the data set in said third register. 4. The code computing apparatus according to coefficient data (g′) of a polynomial g(x) of degree n of Galois field is set, except for a coefficient of the highest degree n, to said first and second registers, and said inner product calculation part outputs a CRC code corresponding to a modulus (mod) of the polynomial g(x) for the data set in said third register. 5. The code computing apparatus according to said matrix element computation part generates matrix elements for encryption, and said inner product calculation part outputs an encryption code of the data set in said third register. 6. The code computing apparatus according to a first memory for storing coefficient data of an irreducible polynomial g(x) of degree n of Galois field and encryption key data; a control part ( 70) for reading out from said memory the coefficient data and the encryption key data in a form divided into a plurality of data blocks and setting them in said first and second registers, respectively, and a second memory for storing elements values of a plurality of partial matrices, wherein elements of a plurality of partial of matrix of n×n are generated by said matrix element computation part ( 30), and under the control of said control part, the elements of partial matrix generated by said matrix element computation part are stored in said second memory, the elements of partial matrix are selectively loaded from said second memory to said matrix element register ( 51), and said inner product calculation part repeats the inner product calculation between the data set in said third register and the elements of a plurality of partial matrices, thereby to output said encryption code. 7. The code computing apparatus according to means ( 52 and 53) for performing exclusive OR operation between the results of inner product calculation generated by said inner product calculation part and pre-computed elements held as intermediate results of the calculation, and holding the results of exclusive OR operation as new intermediate results of the calculation.Description The present invention relates to code calculating device (a code computing apparatus) for communication data, and more particularly to code calculating device (a code computing apparatus) for generating an error detection (correction) code and data encryption/decryption processing necessary for transmitting and receiving of digital packet data. A digital communication apparatus needs an encryption/decryption function and an error detection (correction) code generating function of packet data to cope with holding data security and occurrence of a signal error on a network. As the communication need for still images or moving images having a large amount of information is increased in addition to voice data and text data communication, an encryption/decryption technique and an error detection (correction) code generating technique suitable for making the data transfer rate high are required for the digital communication apparatus. As an error detection code of a data packet, for instance, CRC (Cyclic Redundancy Check Codes) only for error detection without performing error correction is often used. CRC computing equations are described in Ramabadran, T. V. and Gaitonde S. S. “A Tutorial on CRC Computations”, IEEE Micro, vol. 8, No. 4, pp. 62-75, August 1988. As an encryption method used for holding data security, RSA (public-key) cryptography is well-known. The RSA, however, needs a long code with 1024 bits as an encryption/decryption key, and attention has been focused in recent years on elliptic curve cryptography (ECC) which requires a short code length of about 160 bits. With respect to the elliptic curve cryptography processing, there exists a document of Moon, S., Park, J. and Lee, Y., “Fast VLSI Arithmetic Algorithms for High-Security Elliptic Curve Cryptographic Applications” IEEE Transaction Consumer Electronics, vol. 47, No. 3, pp. 700-708, August 2001. The above document describes examples of computing equations necessary for the elliptic curve cryptography (ECC) and a large-scale integrated circuit realizing the ECC processing. Since the RSA employs modulo arithmetic causing propagation of a carry bit, it increases the quantity of hardware. As will be described hereinafter, according to the ECC, data encryption/decryption can be realized with compact hardware because ECC is based on Galois field (finite field) which does not cause the propagation of a carry bit. The modulo arithmetic using polynomial g(x) of degree n over Galois field shown by equation (1) will be considered.
This Galois field of the polynomial is generally expressed as GF ( The following three polynomials expressing data having length n will be considered now, where a For the ECC, data indicating an encryption key called a public-key or a private-key is expressed with a polynomial a(x) and transmitting/receiving data to which the encryption key is applied is expressed with a polynomial b(x). In this case, encrypted data on the transmission side or decrypted data (the original unencrypted plain data) on the receiving side is obtained as calculation result c(x) of the following equation (2).
Expressing the equation (2) in detail, the following equation (3) is given.
In documents: Mastrovito, E. D., “VLSI Designs for Multiplication over Finite Fields GF(2 A matrix M of n×n in the equation (4) is called a Mastrovito matrix. The elements of the matrix M can be previously calculated from the polynomials a(x) and g(x). On the other hand, the value of CRC is calculated as the remainder c(x) obtained when x -
- where x
^{n}·b(x) means that the data b(x) is shifted to the left by n bits. The data transmission side sends out, to the transmission path, transmitting data b(x) to which the polynomial c(x) indicating the value of CRC calculated by the equation (6) is added.
- where x
The data receiving side performs the same calculation to the received data b(x) with CRC and judges that the received data b(x) has no errors with a very high probability when the calculation result c(x) is 0. Comparing the equation (2) with the equation (6), the computing equations of CRC and ECC are found to be very similar. The difference lies in that the value, by which the data b(x) is multiplied, is x The above documents describing the Mastrovito matrix seem to generally treat an error correction method called BCH or Reed-Solomon by the equation (2). However, the above documents do not specifically describe how these encryption methods are concretely related with the equation (2). The above documents do not suggest the later-described CRC code matrix expression noted by the present invention. An object of the present invention is to provide a code computing apparatus applicable to both of error detection and data encryption/decryption. Another object of the present invention is to provide a Galois field (finite field) code computing apparatus applicable commonly to error detection and data encryption/decryption. A further object of the present invention is to provide a code computing apparatus capable of calculating matrix elements for error detection and data encryption/decryption by the same matrix element computation part and selectively uses these matrix elements to error detection and data encryption/decryption. A furthermore object of the present invention is to provide a packet communication apparatus capable of performing error detection and data encryption/decryption with a compact hardware configuration. In order to achieve these objects, the present invention is characterized by the hardware applicable in common to CRC computation and ECC computation, which is proposed based on the similarity between Galois field-based CRC and ECC computing equations. According to one of solving methods which can be easily considered in order to share the computing processing between CRC and ECC, the degree of the polynomial a(x) by which the data b(x) is multiplied in ECC computation shown by the equation (2) is increased from degree n−1 to degree n so as to be consistent with the degree of x The present invention uses the following characteristic of modulo arithmetic over Galois field to share the computing processing between CRC and ECC. As shown by the equation (1), coefficient g Here, the right side of the equation (7) is replaced with the following equation.
The CRC computing equation shown by the equation (6) is transformed to the following equation (9). Like the ECC computing equation (2), the degree of the polynomial by which the data b(x) is multiplied can be reduced to degree n-1.
The value of CRC can be calculated according to the equation (9) by setting the value of g′(x) in place of a(x). Further, when term x Accordingly, by comparing the coefficient terms of x One feature of the present invention resides in that the CRC computing equation is transformed like the equation (9), the degree is adapted to the ECC computing equation (3), and the same matrix element computation part is used to compute the elements of ECC matrix and CRC matrix. Another feature of the present invention resides in that ECC encryption/decryption computation and CRC computation are executed by the same inner product calculation part, by selectively using ECC matrix elements and CRC matrix elements calculated previously. The packet communication apparatus is comprised of a core processor (P-CORE) The processing part A transmitting message (plain data) outputted from the core processor A receiving message (plain data or encrypted data) with an error detection code received from the transmission path In this case, the error detection code encoding part The r(x) is added to the data x On the other hand, the error detection code decoding part In this case, by removing r′(x) from the receiving data w′(x) and shifting the receiving data to the right by n bits, the original data block b(x)=b′(x) is restored. When the length of a message received from the transmission path is longer than 2n bits, the above-described error detection code decoding processing is repeated for each data block having a 2n-bit length. The encryption processing part The block length n of ECC encrypted data is about 160 bits which is longer than that of CRC. In order to apply the same hardware as CRC, the transmitting data block b(x), public-key a(x) and irreducible polynomial g(x) are divided into a plurality of sub-blocks each corresponding to the CRC bit length, and the encryption processing is repeated. The encrypted data added with an error detection code is processed at the receiving side to detect an error. When the receiving data has no errors, it is restored to the encrypted data c(x) from which the error detection code has been removed. As shown by the following equation (13), the decryption processing part The feature of the present invention resides in that the configuration of the processing part The processing part (code computing apparatus) The memory In the buffer memory The processing part (code computing apparatus) When generating a matrix element for ECC encryption in the matrix element computing mode, for instance, the control part In the same manner, matrix elements for ECC decryption are generated in the state that the coefficient values of the irreducible polynomial g(x) are set from the memory area The element values for CRC matrix are generated in the state that the coefficient values of g′(x) are set from the memory area In the case where each of the A-REG In the transmitting data encryption mode, transmitting data read out in units of 32-bit of sub-block from the Tx-BUF area of the buffer memory is supplied to the B-REG The calculation result of the inner product calculation part When the encryption calculation processing of the transmitting data for a plurality of sub-blocks corresponding to the ECC code length has been completed, the contents of the C-MEM When the encryption processing for one message stored in the Tx-BUF area has been completed through the repetition of the above-described inner product calculation, the operation mode is switched to the transmitting data error encryption mode (CRC computation mode). In the transmitting data error encryption mode, in the state of loading the elements of CRC matrix from the MAT-MEM The inner product calculation part In the receiving data error detection mode, by selecting receiving data read out from the Rx-CRC area In this case, the receiving data is stored in the Rx-CRC area The consistency detection of the r′(x) and r(x) is performed by the consistency detection circuit In the encrypted data decryption mode, by selecting the data block read out from the Rx-ENC area In the explanation of the embodiment of The values (m Each of the coefficients of the polynomial g(x) has a fixed value defined by the standards. In the case of ECC encryption/decryption, the polynomial a(x) is an encryption key and has a fixed value or semi-fixed value in a certain period. In the case of error detection, the polynomial g′(x) to be used in place of a(x) has a perfect fixed value. Accordingly, since the matrix M generated from these parameters has a fixed or semi-fixed value, if the coefficient values are once computed by the matrix element computation part The matrix computation capacity of the matrix element computation part Here, for instance, the value of a matrix element m (0, 1) in the first row (the row of the calculation result c When generating matrix element values for each submatrix by the matrix element computation part When handling such submatrices, the input data (B The matrix element computation part Any one of the value “ai” of the i-th bit stored in the A-REG The value “gi” of the i-th bit stored in the G-REG In this embodiment, in order to apply to the CRC matrix computation and ECC matrix computation, the matrix element computation part When generating the elements of CRC matrix, the control part Accordingly, in the computation cycle of the matrix elements in the first column, each of the bit values a In the computation cycle of the matrix elements in the second column, the value of element (m In the computation cycles of the matrix elements in the second to k-th column, the same computing operation is repeated, thereby to generate matrix elements according to the equations (14) and (15) in the CRC matrix area M(0,0). When generating the elements of ECC matrix, in the state that each of the third group of registers At this time, the bit values of a When the matrix computation for the first column has been completed, the control signals S In the computation cycle in which the parameter values g In each of the computation cycles performed in the state that the parameter values of the first block (g The values of matrix elements in the third to 32nd column of the submatrices M(0,0), M(1,0), . . . . M(4,0) are generated by repeating the same procedure as the second column. For the remaining submatrices M(0,1), M(1,1), . . . M(4,4), the set value of the G-REG In the CRC matrix element generation routine At first, the control signal S Next, the generation patterns of the control signals S The control signal S First, by generating the control signal S Next, the value of the parameter I is incremented ( If I>Imax, the status of the control signal S Next, the value of the parameter j is compared with jmax ( Next, the value of the parameter I is incremented ( If j>jmax in step In the execution process of the steps Although the matrix element generation routine for ECC encryption is described above, by applying the decryption key read out from the D-KEY area of the memory FIGS. The transmitting data processing routine The receiving data processing routine The control part First, each of the values of the parameters I and J for specifying a submatrix M(I, J) are initialized to have an initial value 0 ( Next, the submatrix M (I, J) for encryption is loaded from the memory The value of the parameter I is incremented ( As a result of incrementing the parameter I, when the value of I becomes grater than 4, the value of I is returned to the initial value 0 and the value of J is incremented ( When the value of the parameter J is J>4, the contents (ECC- In the CRC generation/transmission processing ( The header part of the transmitting message is read out from the Tx-ENC area After loading the elements of CRC matrix from the memory In the case of CRC generation, since a whole CRC code to be added to the data block D(n) can be generated by once of starting the inner product calculation part CRC generation processing Since the receiving data decryption processing In the above embodiment, the CRC and ECC matrices generated by the matrix element computation part In this embodiment, the basic size of the matrix generated by the matrix element computation part is 32×32. When the basic size becomes smaller, for instance, to 8×8 or 16×16, the CRC matrix has to be generated in the submatrix mode. In this case, the same control method as the ECC matrix element generation routine According to the present invention, by applying matrix elements prepared in advance, a CRC code necessary for error detection of transmitting/receiving data can be generated at high speed. Further, by using the matrix element computation part for generating the matrix for CRC, it is able to rapidly generate the matrix elements for ECC encryption and decryption. Accordingly, if it is desired to suitably change the encryption key in order to increase the safety, by supplying encryption key data from outside and instructing the control part According to the present invention, as the same hardware (the matrix element computation part and the inner product calculation part) is applicable in common to the error detection code generation and encryption processing, a compact packet communication apparatus can be provided. Further, matrix elements necessary for encryption/decryption processing are generated in the packet communication apparatus, it becomes easy to change an encryption key to increase the safety of transmitting/receiving data. Referenced by
Classifications
Legal Events
Rotate |